[rhel6-branch] ssl: 'noverifyssl' kernel boot argument.


 



Prevents Anaconda from verifying the SSL certificate for all https
connections, with the exception of the additional repos (where --noverifyssl
can be set per repo).

For instance, this allows downloading kickstart specified as
ks=https://... where the server is using a self-signed certificate.

Resolves: rhbz#696696
---
 loader/loader.c |    4 +++-
 loader/loader.h |    2 ++
 loader/urls.c   |    4 ++--
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/loader/loader.c b/loader/loader.c
index 48359cc..aa26605 100644
--- a/loader/loader.c
+++ b/loader/loader.c
@@ -1108,6 +1108,8 @@ static void parseCmdLineFlags(struct loaderData_s * loaderData,
         else if (!strncasecmp(argv[i], "proxy=", 6))
             splitProxyParam(argv[i]+6, &loaderData->proxyUser,
                             &loaderData->proxyPassword, &loaderData->proxy);
+        else if (!strncasecmp(argv[i], "noverifyssl", 11))
+            flags |= LOADER_FLAGS_NOVERIFYSSL;
         else if (numExtraArgs < (MAX_EXTRA_ARGS - 1)) {
             /* go through and append args we just want to pass on to */
             /* the anaconda script, but don't want to represent as a */
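Review bot: The added `strncasecmp(argv[i], "noverifyssl", 11)` test is a prefix match, so any boot argument that merely begins with that word, for example `noverifyssl=0`, also switches certificate verification off. The option takes no value, so an exact comparison is the safer form: `else if (!strcasecmp(argv[i], "noverifyssl"))`. The prefix form suits `proxy=` just above because a value follows it, but a bare switch that disables a security check should match exactly. parseCmdLineFlags starts and ends outside the hunk.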
@@ -2454,7 +2456,7 @@ int main(int argc, char ** argv) {
             }
         }
 
-        if (loaderData.instRepo_noverifyssl) {
+        if (loaderData.instRepo_noverifyssl || FL_NOVERIFYSSL(flags)) {
             *argptr++ = "--noverifyssl";
         }
 
diff --git a/loader/loader.h b/loader/loader.h
index 9e0accd..44eca6e 100644
--- a/loader/loader.h
+++ b/loader/loader.h
@@ -72,6 +72,7 @@
 #define LOADER_FLAGS_KICKSTART_SEND_SERIAL   (((uint64_t) 1) << 39)
 #define LOADER_FLAGS_AUTOMODDISK        (((uint64_t) 1) << 40)
 #define LOADER_FLAGS_NOEJECT            (((uint64_t) 1) << 41)
+#define LOADER_FLAGS_NOVERIFYSSL        (((uint64_t) 1) << 42)
 
 #define FL_TEXT(a)               ((a) & LOADER_FLAGS_TEXT)
 #define FL_RESCUE(a)             ((a) & LOADER_FLAGS_RESCUE)
@@ -110,6 +111,7 @@
 #define FL_KICKSTART_SEND_SERIAL(a) ((a) & LOADER_FLAGS_KICKSTART_SEND_SERIAL)
 #define FL_AUTOMODDISK(a)        ((a) & LOADER_FLAGS_AUTOMODDISK)
 #define FL_NOEJECT(a)            ((a) & LOADER_FLAGS_NOEJECT)
+#define FL_NOVERIFYSSL(a)        ((a) & LOADER_FLAGS_NOVERIFYSSL)
 
 void startNewt(void);
 void stopNewt(void);
diff --git a/loader/urls.c b/loader/urls.c
index 611984b..3532c5c 100644
--- a/loader/urls.c
+++ b/loader/urls.c
@@ -167,8 +167,8 @@ int urlinstTransfer(struct loaderData_s *loaderData, struct iurlinfo *ui,
 
         curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
     }
-    
-    if (ui->noverifyssl) {
+
+    if (ui->noverifyssl || FL_NOVERIFYSSL(flags)) {
         curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
     }
 
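Review bot: With the boot argument set, this condition turns off peer verification for every transfer that goes through urlinstTransfer, including the kickstart fetch the description mentions, and nothing visible here records that in the install log. Assuming the loader's logMessage helper is usable in urls.c, a line such as `logMessage(WARNING, "SSL certificate verification disabled (noverifyssl)");` inside the branch would let anyone auditing the install see that the downloaded content was not authenticated. `flags` is not declared in the hunk; presumably it is the loader's global flag word, which is worth confirming since `ui->noverifyssl` was previously the only input. Separately, the unchanged call passes the int literal `0` to the variadic curl_easy_setopt, where libcurl documents a long for CURLOPT_SSL_VERIFYPEER, so `0L` is the correct argument. urlinstTransfer's body continues outside the hunk.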
-- 
1.7.6
